Sometimes you have to work with legacy code and you don’t have the budget to refactor it to remove practices that are deprecated. magic_quotes_gpc was a setting that was turned on for a lot of PHP 4 installations but it is now no longer a best practice to have it on. If you aren’t sure what that is, it automatically adds slashes or quotes data that comes in to PHP via cookies or a GET or POST HTTP request.
The PHP website has a good method of stripping out those slashes if you are unable to turn off magic_quotes_gpc (http://ca3.php.net/manual/en/security.magicquotes.disabling.php). But what if you need it on to run your legacy code? Here is the inverse of the solution that is provided on the PHP website:
if (!get_magic_quotes_gpc()) {
function addslashes_deep($value)
{
$value = is_array($value) ?
array_map('addslashes_deep', $value) :
addslashes($value);
return $value;
}
$_POST = array_map('addslashes_deep', $_POST);
$_GET = array_map('addslashes_deep', $_GET);
$_COOKIE = array_map('addslashes_deep', $_COOKIE);
$_REQUEST = array_map('addslashes_deep', $_REQUEST);
}
Put that at the beginning of your script and it will add all of the slashes back in. Not ideal, but if you have no other option it will get you going again.
